Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport

To: ekr at networkresonance.com, mike-list at pobox.com
Subject: Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Fri, 07 Mar 2008 18:18:01 +1300
Cc: tls at ietf.org
Delivered-to: ietfarch-tls-web-archive at core3.amsl.com
Delivered-to: tls at core3.amsl.com
In-reply-to: <20080306163204.341EC5081A at romeo.rtfm.com>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Sender: tls-bounces at ietf.org

Eric Rescorla <ekr at networkresonance.com> writes:

>It's not *bad*. It's just unnecessary.

I think that only holds true outside the security context.  In this case
however "unnecessary" is synonymous with "bad", because the more unnecessary
features you have to add, the greater the chance of getting something wrong
somewhere in a way that'll come back to bite you later.  Even just the extra
overhead of testing for correctness and interoperability (without the worry of
opening up security holes) is sufficient to make this "bad".

Peter.
_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls

References:
- Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport
  - From: Eric Rescorla

Prev by Date: Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport
Next by Date: Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport
Previous by thread: Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport
Next by thread: Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport
Index(es):
- Date
- Thread

Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.